From 7be5744a689eaad5fcbab885f0b3e0b11fc1e0e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 10:27:39 +0000 Subject: [PATCH 1/3] Bump @sentry/mcp-server from 0.24.0 to 0.26.0 in /.github/workflows Bumps [@sentry/mcp-server](https://github.com/getsentry/sentry-mcp) from 0.24.0 to 0.26.0. - [Release notes](https://github.com/getsentry/sentry-mcp/releases) - [Commits](https://github.com/getsentry/sentry-mcp/compare/0.24.0...0.26.0) --- updated-dependencies: - dependency-name: "@sentry/mcp-server" dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/package-lock.json | 66 ++++++++++++++--------------- .github/workflows/package.json | 2 +- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/package-lock.json b/.github/workflows/package-lock.json index 974268e6a0..53f6bc27bf 100644 --- a/.github/workflows/package-lock.json +++ b/.github/workflows/package-lock.json @@ -7,7 +7,7 @@ "name": "gh-aw-workflows-deps", "license": "MIT", "dependencies": { - "@sentry/mcp-server": "0.24.0" + "@sentry/mcp-server": "0.26.0" } }, "node_modules/@apm-js-collab/code-transformer": { @@ -576,23 +576,23 @@ } }, "node_modules/@sentry/core": { - "version": "10.28.0", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.28.0.tgz", - "integrity": "sha512-9yFIPxyfWkDzt+IaRjboeNiXOKi22ZRGG3ELmZlLak8JCC+vA+q/+AmF/8Jnw59WlL3/KVC1Q8+t8bLCkxlswg==", + "version": "10.32.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.32.0.tgz", + "integrity": "sha512-E+ihb8+5PBfYMamnXHalgsmxkcG2YQqhRdgYf3yWJ5dJvi4njh1VWK3kNVj1GvsU6ktaielAx4Rg5dwEFMnbZg==", "license": "MIT", "engines": { "node": ">=18" } }, "node_modules/@sentry/mcp-server": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@sentry/mcp-server/-/mcp-server-0.24.0.tgz", - "integrity": "sha512-9KdRHESIL1zqubyFRTB/Q4DakLXkw6UvrOC+RwNFrlURS8N/TZGeILXaYPo9Ua0CammA6XtQ5Sv94sR7pUtF4w==", + "version": "0.26.0", + "resolved": "https://registry.npmjs.org/@sentry/mcp-server/-/mcp-server-0.26.0.tgz", + "integrity": "sha512-Ydywv3jbyHdNCYKAg9VFvd/bYBxxHgO5UmS7Nv47DMQYW7YCuNKFEq/oQgVUrXgZ6dPNPw1EjHfXXu4/ZwEqqw==", "license": "FSL-1.1-ALv2", "dependencies": { "@modelcontextprotocol/sdk": "^1.21.0", - "@sentry/core": "10.28.0", - "@sentry/node": "10.28.0", + "@sentry/core": "10.32.0", + "@sentry/node": "10.32.0", "dotenv": "^16.6.1", "zod": "^3.25.67" }, @@ -604,9 +604,9 @@ } }, "node_modules/@sentry/node": { - "version": "10.28.0", - "resolved": "https://registry.npmjs.org/@sentry/node/-/node-10.28.0.tgz", - "integrity": "sha512-aih3iqagUU/9Xa6RObgdS9cKL3q5eerYNMJoO9SflMgeyhHBM5BRqo0IPSMQ9nuogrDBp443sgtW450VXYO7Bg==", + "version": "10.32.0", + "resolved": "https://registry.npmjs.org/@sentry/node/-/node-10.32.0.tgz", + "integrity": "sha512-KENGLH34gUlrNd9QVJFp37w64DZmorWarm67sFJ2J+VmBII0JMkbIJy1SdHyHxGtgitbokotMTjjf9isVnWwlw==", "license": "MIT", "dependencies": { "@opentelemetry/api": "^1.9.0", @@ -639,9 +639,9 @@ "@opentelemetry/sdk-trace-base": "^2.2.0", "@opentelemetry/semantic-conventions": "^1.37.0", "@prisma/instrumentation": "6.19.0", - "@sentry/core": "10.28.0", - "@sentry/node-core": "10.28.0", - "@sentry/opentelemetry": "10.28.0", + "@sentry/core": "10.32.0", + "@sentry/node-core": "10.32.0", + "@sentry/opentelemetry": "10.32.0", "import-in-the-middle": "^2", "minimatch": "^9.0.0" }, @@ -650,14 +650,14 @@ } }, "node_modules/@sentry/node-core": { - "version": "10.28.0", - "resolved": "https://registry.npmjs.org/@sentry/node-core/-/node-core-10.28.0.tgz", - "integrity": "sha512-OOmNtMSPHjiVb+dmTC9Lq+uIrC2FplZSdst033mH+ucBF7xjyY1/WAk02pw+hqNVFQKwaItqhGNFTmC7aST60Q==", + "version": "10.32.0", + "resolved": "https://registry.npmjs.org/@sentry/node-core/-/node-core-10.32.0.tgz", + "integrity": "sha512-O+TVuF1fO0j37W6IzdHCpTIr4uUkFzcSKgxNmH9ihYpRzkQgfLDZJWVxtov+H8/1pC5lkvl2VZhWmY+SWj2kHA==", "license": "MIT", "dependencies": { "@apm-js-collab/tracing-hooks": "^0.3.1", - "@sentry/core": "10.28.0", - "@sentry/opentelemetry": "10.28.0", + "@sentry/core": "10.32.0", + "@sentry/opentelemetry": "10.32.0", "import-in-the-middle": "^2" }, "engines": { @@ -674,12 +674,12 @@ } }, "node_modules/@sentry/opentelemetry": { - "version": "10.28.0", - "resolved": "https://registry.npmjs.org/@sentry/opentelemetry/-/opentelemetry-10.28.0.tgz", - "integrity": "sha512-SiSLN294vlxipDG0/FvMYIFmyXEffXmPvvdyp5DUqY8NyJytYPPUJ3DuQhc9XRVyEd9XeOgra661nxNIKPr1pg==", + "version": "10.32.0", + "resolved": "https://registry.npmjs.org/@sentry/opentelemetry/-/opentelemetry-10.32.0.tgz", + "integrity": "sha512-owGL94JAgbwxgaeUNLktJWMShZPo04ZKTaQhhLz3YmVDJFj8VFOQXdWBMqv1Gv6T6/fCuTlwzJ3rvpSOImxXUQ==", "license": "MIT", "dependencies": { - "@sentry/core": "10.28.0" + "@sentry/core": "10.32.0" }, "engines": { "node": ">=18" @@ -711,9 +711,9 @@ } }, "node_modules/@types/node": { - "version": "24.10.1", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.1.tgz", - "integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==", + "version": "25.0.3", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.3.tgz", + "integrity": "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA==", "license": "MIT", "dependencies": { "undici-types": "~7.16.0" @@ -1340,9 +1340,9 @@ } }, "node_modules/import-in-the-middle": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/import-in-the-middle/-/import-in-the-middle-2.0.0.tgz", - "integrity": "sha512-yNZhyQYqXpkT0AKq3F3KLasUSK4fHvebNH5hOsKQw2dhGSALvQ4U0BqUc5suziKvydO5u5hgN2hy1RJaho8U5A==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/import-in-the-middle/-/import-in-the-middle-2.0.1.tgz", + "integrity": "sha512-bruMpJ7xz+9jwGzrwEhWgvRrlKRYCRDBrfU+ur3FcasYXLJDxTruJ//8g2Noj+QFyRBeqbpj8Bhn4Fbw6HjvhA==", "license": "Apache-2.0", "dependencies": { "acorn": "^8.14.0", @@ -1604,9 +1604,9 @@ } }, "node_modules/postgres-bytea": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.0.tgz", - "integrity": "sha512-xy3pmLuQqRBZBXDULy7KbaitYqLcmxigw14Q5sj8QBVLqEwXfeybIKVWiqAXTlcvdvb0+xkOtDbfQMOf4lST1w==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.1.tgz", + "integrity": "sha512-5+5HqXnsZPE65IJZSMkZtURARZelel2oXUEO8rH83VS/hxH5vv1uHquPg5wZs8yMAfdv971IU+kcPUczi7NVBQ==", "license": "MIT", "engines": { "node": ">=0.10.0" diff --git a/.github/workflows/package.json b/.github/workflows/package.json index 5ecc1118df..c7def8f36f 100644 --- a/.github/workflows/package.json +++ b/.github/workflows/package.json @@ -3,6 +3,6 @@ "private": true, "license": "MIT", "dependencies": { - "@sentry/mcp-server": "0.24.0" + "@sentry/mcp-server": "0.26.0" } } From f0db98b90ca142fd3d7199782a58c58545f047d1 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 07:28:42 -0800 Subject: [PATCH 2/3] Prefer precise version numbers in action pin algorithm (#7260) --- .github/workflows/daily-team-status.lock.yml | 28 ++--- pkg/cli/semver.go | 13 +++ pkg/cli/semver_precise_test.go | 101 +++++++++++++++++++ pkg/cli/update_actions.go | 18 ++++ 4 files changed, 146 insertions(+), 14 deletions(-) create mode 100644 pkg/cli/semver_precise_test.go diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 67fc3c1a19..a9ea6973d5 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -2353,14 +2353,14 @@ jobs: } >> "$GITHUB_STEP_SUMMARY" - name: Upload prompt if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: prompt.txt path: /tmp/gh-aw/aw-prompts/prompt.txt if-no-files-found: warn - name: Upload agentic run info if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: aw_info.json path: /tmp/gh-aw/aw_info.json @@ -2507,7 +2507,7 @@ jobs: SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload Safe Outputs if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: safe_output.jsonl path: ${{ env.GH_AW_SAFE_OUTPUTS }} @@ -3747,13 +3747,13 @@ jobs: await main(); - name: Upload sanitized agent output if: always() && env.GH_AW_AGENT_OUTPUT - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: agent_output.json path: ${{ env.GH_AW_AGENT_OUTPUT }} if-no-files-found: warn - name: Upload engine output files - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: agent_outputs path: | @@ -3762,7 +3762,7 @@ jobs: if-no-files-found: ignore - name: Upload MCP logs if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: mcp-logs path: /tmp/gh-aw/mcp-logs/ @@ -5247,7 +5247,7 @@ jobs: - name: Upload Firewall Logs if: always() continue-on-error: true - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: firewall-logs-daily-team-status path: /tmp/gh-aw/sandbox/firewall/logs/ @@ -5405,7 +5405,7 @@ jobs: } - name: Upload Agent Stdio if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: agent-stdio.log path: /tmp/gh-aw/agent-stdio.log @@ -5678,7 +5678,7 @@ jobs: echo "Agent Conclusion: $AGENT_CONCLUSION" - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: name: agent_output.json path: /tmp/gh-aw/safeoutputs/ @@ -6171,20 +6171,20 @@ jobs: steps: - name: Download prompt artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: name: prompt.txt path: /tmp/gh-aw/threat-detection/ - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: name: agent_output.json path: /tmp/gh-aw/threat-detection/ - name: Download patch artifact if: needs.agent.outputs.has_patch == 'true' continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: name: aw.patch path: /tmp/gh-aw/threat-detection/ @@ -6412,7 +6412,7 @@ jobs: } - name: Upload threat detection log if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: threat-detection.log path: /tmp/gh-aw/threat-detection/detection.log @@ -6483,7 +6483,7 @@ jobs: steps: - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: name: agent_output.json path: /tmp/gh-aw/safeoutputs/ diff --git a/pkg/cli/semver.go b/pkg/cli/semver.go index 7362e41973..df3f6b59ce 100644 --- a/pkg/cli/semver.go +++ b/pkg/cli/semver.go @@ -56,6 +56,19 @@ func parseVersion(v string) *semanticVersion { return ver } +// isPreciseVersion returns true if this version has explicit minor and patch components +// For example, "v6.0.0" is precise, but "v6" is not +func (v *semanticVersion) isPreciseVersion() bool { + // Check if raw version has at least two dots (major.minor.patch format) + // or at least one dot for major.minor format + // "v6" -> not precise + // "v6.0" -> somewhat precise (has minor) + // "v6.0.0" -> precise (has minor and patch) + versionPart := strings.TrimPrefix(v.raw, "v") + dotCount := strings.Count(versionPart, ".") + return dotCount >= 2 // Require at least major.minor.patch +} + // isNewer returns true if this version is newer than the other func (v *semanticVersion) isNewer(other *semanticVersion) bool { if v.major != other.major { diff --git a/pkg/cli/semver_precise_test.go b/pkg/cli/semver_precise_test.go new file mode 100644 index 0000000000..bef0fb852e --- /dev/null +++ b/pkg/cli/semver_precise_test.go @@ -0,0 +1,101 @@ +package cli + +import ( + "testing" +) + +func TestIsPreciseVersion(t *testing.T) { + tests := []struct { + name string + version string + expected bool + }{ + { + name: "major only - not precise", + version: "v6", + expected: false, + }, + { + name: "major.minor - not precise", + version: "v6.0", + expected: false, + }, + { + name: "major.minor.patch - precise", + version: "v6.0.0", + expected: true, + }, + { + name: "major.minor.patch non-zero - precise", + version: "v6.0.1", + expected: true, + }, + { + name: "full version - precise", + version: "v6.1.2", + expected: true, + }, + { + name: "without v prefix - precise", + version: "6.0.0", + expected: true, + }, + { + name: "single digit major - not precise", + version: "v1", + expected: false, + }, + { + name: "three component version - precise", + version: "v1.2.3", + expected: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + v := parseVersion(tt.version) + if v == nil { + t.Fatalf("Failed to parse version: %s", tt.version) + } + + result := v.isPreciseVersion() + if result != tt.expected { + t.Errorf("isPreciseVersion() for %q = %v, want %v", tt.version, result, tt.expected) + } + }) + } +} + +func TestPreciseVersionPreference(t *testing.T) { + // Test that when comparing equal versions, precise versions are preferred + v6 := parseVersion("v6") + v600 := parseVersion("v6.0.0") + + if v6 == nil || v600 == nil { + t.Fatal("Failed to parse versions") + } + + // They should parse to the same major.minor.patch + if v6.major != v600.major || v6.minor != v600.minor || v6.patch != v600.patch { + t.Errorf("v6 and v6.0.0 should parse to same major.minor.patch, got v6=%+v, v600=%+v", v6, v600) + } + + // v6.0.0 should be precise, v6 should not + if !v600.isPreciseVersion() { + t.Error("v6.0.0 should be precise") + } + + if v6.isPreciseVersion() { + t.Error("v6 should not be precise") + } + + // Neither should be considered "newer" than the other + if v6.isNewer(v600) { + t.Error("v6 should not be newer than v6.0.0") + } + + if v600.isNewer(v6) { + t.Error("v6.0.0 should not be newer than v6") + } +} diff --git a/pkg/cli/update_actions.go b/pkg/cli/update_actions.go index 94c2d34687..d11ac71e10 100644 --- a/pkg/cli/update_actions.go +++ b/pkg/cli/update_actions.go @@ -211,6 +211,15 @@ func getLatestActionRelease(repo, currentVersion string, allowMajor, verbose boo if latestCompatibleVersion == nil || releaseVer.isNewer(latestCompatibleVersion) { latestCompatible = release latestCompatibleVersion = releaseVer + } else if !releaseVer.isNewer(latestCompatibleVersion) && + releaseVer.major == latestCompatibleVersion.major && + releaseVer.minor == latestCompatibleVersion.minor && + releaseVer.patch == latestCompatibleVersion.patch { + // If versions are equal, prefer the more precise one (e.g., "v6.0.0" over "v6") + if releaseVer.isPreciseVersion() && !latestCompatibleVersion.isPreciseVersion() { + latestCompatible = release + latestCompatibleVersion = releaseVer + } } } @@ -301,6 +310,15 @@ func getLatestActionReleaseViaGit(repo, currentVersion string, allowMajor, verbo if latestCompatibleVersion == nil || releaseVer.isNewer(latestCompatibleVersion) { latestCompatible = release latestCompatibleVersion = releaseVer + } else if !releaseVer.isNewer(latestCompatibleVersion) && + releaseVer.major == latestCompatibleVersion.major && + releaseVer.minor == latestCompatibleVersion.minor && + releaseVer.patch == latestCompatibleVersion.patch { + // If versions are equal, prefer the more precise one (e.g., "v6.0.0" over "v6") + if releaseVer.isPreciseVersion() && !latestCompatibleVersion.isPreciseVersion() { + latestCompatible = release + latestCompatibleVersion = releaseVer + } } } From 0b1987322e4feb706195e7eb039195f1c2a91588 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 07:46:43 -0800 Subject: [PATCH 3/3] Recompile workflows with precise version numbers after Sentry MCP server bump (#7278) --- .github/aw/actions-lock.json | 14 +++++----- .github/workflows/daily-team-status.lock.yml | 28 ++++++++++---------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 87849f4e0f..08bc5d2449 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -72,7 +72,7 @@ }, "actions/github-script@v8": { "repo": "actions/github-script", - "version": "v8", + "version": "v8.0.0", "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd" }, "actions/setup-dotnet@v4": { @@ -167,18 +167,18 @@ }, "github/codeql-action/upload-sarif@v3": { "repo": "github/codeql-action/upload-sarif", - "version": "v3", - "sha": "c37a8b7cd97e31de3fcbd9d84c401870edeb8d34" + "version": "v3.31.9", + "sha": "70c165ac82ca0e33a10e9741508dd0ccb4dcf080" }, "github/stale-repos@v3": { "repo": "github/stale-repos", - "version": "v3", - "sha": "3477b6488008d9411aaf22a0924ec7c1f6a69980" + "version": "v3.0.2", + "sha": "a21e55567b83cf3c3f3f9085d3038dc6cee02598" }, "haskell-actions/setup@v2": { "repo": "haskell-actions/setup", - "version": "v2.9.0", - "sha": "782a7c5aa54495c3d21d7c8d5f03a8a2113a1ff7" + "version": "v2.9.1", + "sha": "55073cbd0e96181a9abd6ff4e7d289867dffc98d" }, "oven-sh/setup-bun@v2": { "repo": "oven-sh/setup-bun", diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index a9ea6973d5..67fc3c1a19 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -2353,14 +2353,14 @@ jobs: } >> "$GITHUB_STEP_SUMMARY" - name: Upload prompt if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: prompt.txt path: /tmp/gh-aw/aw-prompts/prompt.txt if-no-files-found: warn - name: Upload agentic run info if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: aw_info.json path: /tmp/gh-aw/aw_info.json @@ -2507,7 +2507,7 @@ jobs: SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload Safe Outputs if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: safe_output.jsonl path: ${{ env.GH_AW_SAFE_OUTPUTS }} @@ -3747,13 +3747,13 @@ jobs: await main(); - name: Upload sanitized agent output if: always() && env.GH_AW_AGENT_OUTPUT - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: agent_output.json path: ${{ env.GH_AW_AGENT_OUTPUT }} if-no-files-found: warn - name: Upload engine output files - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: agent_outputs path: | @@ -3762,7 +3762,7 @@ jobs: if-no-files-found: ignore - name: Upload MCP logs if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: mcp-logs path: /tmp/gh-aw/mcp-logs/ @@ -5247,7 +5247,7 @@ jobs: - name: Upload Firewall Logs if: always() continue-on-error: true - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: firewall-logs-daily-team-status path: /tmp/gh-aw/sandbox/firewall/logs/ @@ -5405,7 +5405,7 @@ jobs: } - name: Upload Agent Stdio if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: agent-stdio.log path: /tmp/gh-aw/agent-stdio.log @@ -5678,7 +5678,7 @@ jobs: echo "Agent Conclusion: $AGENT_CONCLUSION" - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent_output.json path: /tmp/gh-aw/safeoutputs/ @@ -6171,20 +6171,20 @@ jobs: steps: - name: Download prompt artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: prompt.txt path: /tmp/gh-aw/threat-detection/ - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent_output.json path: /tmp/gh-aw/threat-detection/ - name: Download patch artifact if: needs.agent.outputs.has_patch == 'true' continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: aw.patch path: /tmp/gh-aw/threat-detection/ @@ -6412,7 +6412,7 @@ jobs: } - name: Upload threat detection log if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: threat-detection.log path: /tmp/gh-aw/threat-detection/detection.log @@ -6483,7 +6483,7 @@ jobs: steps: - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent_output.json path: /tmp/gh-aw/safeoutputs/